EFF has joined an amicus curiaebrief urging the Illinois Supreme Court to adopt a robust interpretation of BIPA. Our fellow amici are ACLU, CDT, the Chicago Alliance Against Sexual Exploitation, PIRG, and Lucy Parsons Labs. In the case on appeal, Rosenbach v. Six Flags, an adolescent who purchased a season pass to an amusement park alleges the park scanned and stored his thumbprint biometrics without written consent or notice about its plan to collect, store, and use his biometric information.

The Illinois Supreme Court will decide the effectiveness of BIPA’s enforcement tool. BIPA provides that “any person aggrieved by a violation of this Act” may file their own lawsuit against the company that violated the Act. The question before the court is whether a person is “aggrieved,” and may sue, based solely on the collection of their biometric information without their informed opt-in consent, or whether a person must also show some additional injury.

EFF and our fellow amici argue that a person is “aggrieved,” and may sue, based just on capture of their biometric information without notice and informed consent. We offer several reasons. First, biometric surveillance is a growing menace to our privacy. Our biometric information can be harvested at a distance and without our knowledge, and we often have no ability as individuals to effectively shield ourselves from this grave privacy intrusion. Second, BIPA follows in the footsteps of a host of other privacy laws that prohibit the capture of private information absent informed opt-in consent, and that define capture without notice and consent by itself as an injury. Third, allowing private lawsuits is a necessary means to ensure effective enforcement of privacy laws.

Perhaps most importantly, more businesses than ever are capturing and monetizing our biometric information. Retailers use face recognition to surveil shoppers’ behavior as they move about the store, and to identify potential shoplifters. Employers use fingerprints, iris scans, and face recognition to manage employee access to company phones and computers. People have filed BIPA lawsuits against major technology companies like Facebook, Google, and Snapchat, alleging the companies applied face recognition to their uploaded photographs without their consent. The U.S. Chamber of Commerce recently filed an amicus brief in one of these lawsuits, urging a federal appellate court to gut BIPA.

Illinois’ BIPA is the strongest biometric privacy law in the United States. EFF and other privacy groups for years haveresisted big business efforts to gut BIPA through the legislative process. Now we are proud to join our privacy allies in an ami­cus brief before the Illinois Supreme Court to push back against the latest effort to weaken BIPA.

Related Updates

Hiperderecho, the leading digital rights organization in Peru, in collaboration with the Electronic Frontier Foundation, today launched its second ¿Quien Defiende Tus Datos? (Who Defends Your Data?), an evaluation of the privacy practices of the Internet Service Providers (ISPs) that millions of Peruvians use every day. This year's...

The California Consumer Privacy Act (CCPA) requires the California Attorney General to take input from the public on regulations to implement the law, which does not go into effect until 2020. The Electronic Frontier Foundation has filed comments on two issues: first, how to verify consumer requests to companies for...

Ever since the Cambridge Analytica scandal last summer, consumer data privacy has been a hot topic in Congress. The witness table has been dominated by the biggest platforms, with those in lockstep with the tech giants earning the vast majority of attention. However, this week marked the first time that...

We urged the Florida Supreme Court yesterday to review a closely-watched lawsuit to clarify the due process rights of defendants identified by facial recognition algorithms used by law enforcement. Specifically, we told the court that when facial recognition is secretly used on people later charged with a crime, those...

In his latest announcement, Facebook CEO Mark Zuckerberg embraces privacy and security fundamentals like end-to-end encrypted messaging. But announcing a plan is one thing. Implementing it is entirely another. And for those reading between the lines of Zuckerberg’s pivot-to-privacy manifesto, it’s clear that this isn’t just about privacy. It’s...

In back-to-back hearings last week, the House and the Senate discussed what, if anything, Congress should do about online privacy. Sounds fine—until you see who they invited. Congress should be seeking out multiple, diverse perspectives. But last week, both chambers largely invited industry advocates, eager to...

San Francisco - Technology is supposed to make our lives better, yet many big companies have products with big security and privacy holes that disrespect user control and put us all at risk. The Electronic Frontier Foundation (EFF) is launching a new project called “Fix It Already!” demanding repair...

Today we are announcing Fix It Already, a new way to show companies we're serious about the big security and privacy issues they need to fix. We are demanding fixes for different issues from nine tech companies and platforms, targeting social media companies, operating systems, and enterprise platforms on...

Update, 2:35 p.m.: The coalition of groups behind Privacy for All has grown since time of publishing. This update reflects the latest count. Privacy is a right. It is past time for California to ensure that the companies using secretive practices to make money off of our personal information treat...